According to research from cybersecurity firms FireEye and iDefense, APT 40, a Chinese state-sponsored advanced persistent threat (APT) group, has targeted over 27 universities who conduct maritime research and development, some of which have been contracted by the Department of Defense (DoD). Some academic institutions targeted include Massachusetts Institute of Technology (MIT), the University of Hawaii, and the University of Washington. APT 40 has also targeted organizations in the engineering, defense, and transportation industries. The group has been the most active of any Chinese hacking group that cyber intelligence agencies detected over the past year. APT 40 begins their operations by sending phishing emails, sometimes assuming the identity of journalists, Navy officials, and other academic institutions. Next, they deploy malware, such as Gh0st RAT trojan, to maintain persistence on a compromised network and begin harvesting credentials. Once this is accomplished, they begin to move laterally within the network to ultimately gain access to intellectual property. At this time, APT 40’s efforts have resulted in the theft of sensitive military information, to include submarine missile plans and ship maintenance data. The NJCCIC advises all universities and academic institutions to refrain from clicking on links or opening attachments in unsolicited or unexpected emails, and report any suspicious emails to their local IT department, local police department, and the NJCCIC via the Cyber Incident Report form here.

Reference in this site to any specific commercial product, process, or service, or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the NJCCIC and the State of New Jersey.